
Phishing and software vulnerabilities cause nearly 70% of cyber incidents

Every year, businesses lose millions paying cybercriminals and dealing with cyber incidents. Despite cybersecurity allocations increasing in recent times, the amount is sometimes still not enough to give sufficient protection to an organization.

For some companies, investing in cybersecurity is becoming a burden they cannot afford to take lightly. Most understand the importance of having cybersecurity, but still fail to understand the need to improve it constantly.

The reality, though, is that threats continue to evolve, and while a company may have allocated a huge sum to protecting its critical workloads, cyber incidents can still happen. Threats now target businesses through their supply chain and even launch social engineering attacks on employees.

In fact, a recent report by Palo Alto Networks’ Unit 42 revealed that phishing and software vulnerabilities cause nearly 70% of cyber incidents. The 2022 Unit 42 Incident Response Report highlighted that the heavy use of software vulnerabilities matches the opportunistic behavior of threat actors, who scour the internet for vulnerabilities and weak points on which to focus.

Interestingly, the report identified that the finance and real estate industries received the highest average ransom demands, with an average demand of nearly US$8 million and US$5.2 million, respectively. Overall, ransomware and business email compromise (BEC) were the top incident types that the Incident Response team responded to over the past 12 months, accounting for approximately 70% of incident response cases.

According to Wendi Whitmore, SVP and head of Unit 42 at Palo Alto Networks, cybercrime is an easy business to get into because of its low cost and often high returns. Whitmore pointed out that, as a result, unskilled, novice threat actors can get started as tools like hacking-as-a-service become more popular and available on the dark web.

“Ransomware attackers are also becoming more organized with their customer service and satisfaction surveys as they engage with cybercriminals and the victimized organizations,” commented Whitmore.

When it comes to ransomware, Unit 42 has identified that the median dwell time — meaning the time threat actors spend in a targeted environment before being detected — observed for ransomware attacks was 28 days. Increasingly, affected organizations can also expect threat actors to use double extortion, threatening to publicly release sensitive information if a ransom isn’t paid.

At the same time, cybercriminals used a variety of techniques in business email compromise wire-fraud schemes. Forms of social engineering, such as phishing, offer an easy and cost-effective way to gain covert access while maintaining a low risk of discovery.

Some other findings include the top three initial access vectors used by threat actors, which were phishing, exploitation of known software vulnerabilities, and brute-force credential attacks focused primarily on Remote Desktop Protocol (RDP). Combined, these attack vectors make up 77% of the suspected root causes for intrusions.

ProxyShell accounted for more than half of all vulnerabilities exploited for initial access at 55%, followed by Log4J (14%), SonicWall (7%), ProxyLogon (5%), and Zoho ManageEngine ADSelfService Plus (4%).

Moreover, Unit 42 investigators discovered that organizations lacked multifactor authentication on critical internet-facing systems, such as corporate webmail, virtual private network (VPN) solutions, or other remote access solutions.

Other interesting findings from cyber-attacks showed:

  • In 13% of cases, organizations had no mitigations in place to ensure account lockout for brute-force credential attacks.
  • In 28% of cases, having poor patch management procedures contributed to threat actor success.
  • In 44% of cases, organizations did not have an endpoint detection and response (EDR) or extended detection and response (XDR) security solution, or it was not fully deployed on the initially impacted systems to detect and respond to malicious activities.
  • 75% of insider threat cases involved a former employee.
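The RDP brute-force vector and the missing account-lockout finding above are exactly what a simple failed-logon detection catches early. The following is an added example, not code from the Unit 42 report or from Palo Alto Networks: it parses constructed, simplified Windows logon event lines (real 4624/4625 records carry the same fields in a different layout) and flags any source that racks up repeated RDP failures in a short window, noting whether a successful RDP logon from that source followed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: timestamp, event ID (4625 fail / 4624 success), logon type (10 = RDP), user, source.
SAMPLE_EVENTS = """\
2022-07-01T02:00:01Z 4625 type=10 user=admin src=203.0.113.7
2022-07-01T02:00:03Z 4625 type=10 user=administrator src=203.0.113.7
2022-07-01T02:00:05Z 4625 type=10 user=backup src=203.0.113.7
2022-07-01T02:00:06Z 4625 type=10 user=svc_sql src=203.0.113.7
2022-07-01T02:00:08Z 4625 type=10 user=admin src=203.0.113.7
2022-07-01T02:00:09Z 4625 type=10 user=jdoe src=203.0.113.7
2022-07-01T02:00:10Z 4624 type=10 user=jdoe src=203.0.113.7
2022-07-01T08:15:00Z 4625 type=10 user=asmith src=198.51.100.4
2022-07-01T08:15:30Z 4625 type=2 user=asmith src=198.51.100.4
2022-07-01T09:00:00Z 4625 type=10 user=asmith src=198.51.100.4
""".splitlines()

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<eid>\d+) type=(?P<ltype>\d+) user=(?P<user>\S+) src=(?P<src>\S+)$")
def parse(line):
    """Parse one event line into a dict, or return None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return e

def detect_rdp_bruteforce(lines, threshold=5, window_minutes=5):
    """Return {src: (max_failures_in_window, users_tried, rdp_success_after)} for each
    source with >= threshold RDP (type 10) failures inside a sliding time window."""
    window = timedelta(minutes=window_minutes)
    failures, successes = defaultdict(list), defaultdict(list)
    for e in filter(None, map(parse, lines)):
        if e["ltype"] == "10":  # only RemoteInteractive (RDP) logons count here
            (failures if e["eid"] == "4625" else successes)[e["src"]].append(e)
    hits = {}
    for src, fails in failures.items():
        fails.sort(key=lambda f: f["ts"])
        start = 0
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and count > hits.get(src, (0,))[0]:
                users = sorted({f["user"] for f in fails[start:end + 1]})
                # a later successful RDP logon from the same source means a guess likely worked
                success_after = any(s["ts"] > fails[end]["ts"] for s in successes[src])
                hits[src] = (count, users, success_after)
    return hits
```

An account-lockout or rate-limit policy would stop the first source before the sixth attempt; the detection is the safety net for environments where, as the report notes, no such mitigation exists.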

With that said, Palo Alto Networks Unit 42 has an experienced team of security consultants with backgrounds in the public and private sectors who have handled some of the largest cyberattacks in history. They manage complex cyber risks and respond to advanced threats, including nation-state attacks, advanced persistent threats (APTs), and complex ransomware investigations.